Security Flaw in Linux Kernel Affects Request Handling
CVE-2026-43493

9.8CRITICAL

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 19 May 2026

What is CVE-2026-43493?

A vulnerability in the Linux kernel has been identified in the crypto subsystem's handling of pcrypt requests. The issue arises from improper management of MAY_BACKLOG requests, which can incorrectly return an EBUSY value. This flaw can lead to erroneous EINPROGRESS notifications that may compromise system security by allowing unauthorized access to critical requests. Properly handling these requests is crucial for ensuring the integrity and reliability of cryptographic operations within the Linux environment.

Affected Version(s)

Linux 5a1436beec5744029f3ac90b6fe71a698dcd6155 < 9f1cbca178c03188e201ed175251372149bb25f2

Linux 5a1436beec5744029f3ac90b6fe71a698dcd6155

Linux 5a1436beec5744029f3ac90b6fe71a698dcd6155 < 77d55bc8675ee851ed639dc9be77325a8024cf67

References

https://git.kernel.org/stable/c/9f1cbca178c03188e201ed175...

https://git.kernel.org/stable/c/eb34e243df57e32f4c08fa191...

https://git.kernel.org/stable/c/77d55bc8675ee851ed639dc9b...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 19, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43493 Data

JSON